Ubuntu Security Notice 5120-1 - It was discovered that the f2fs file system in the Linux kernel did not properly validate metadata in some situations. An attacker could use this to construct a malicious f2fs image that, when mounted and operated on, could cause a denial of service or possibly execute arbitrary code. It was discovered that the Linux kernel did not properly enforce certain types of entries in the Secure Boot Forbidden Signature Database protection mechanism. An attacker could use this to bypass UEFI Secure Boot restrictions. Various other issues were also addressed.
2b0bea3094eab3e20f9e8cd33f9618c3Ubuntu Security Notice 5111-2 - USN-5111-1 fixed a vulnerability in strongSwan. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that strongSwan incorrectly handled replacing certificates in the cache. A remote attacker could use this issue to cause strongSwan to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
7500b7c4a02c2f112707a0502a50de50Ubuntu Security Notice 5111-1 - It was discovered that strongSwan incorrectly handled certain RSASSA-PSS signatures. A remote attacker could use this issue to cause strongSwan to crash, resulting in a denial of service. It was discovered that strongSwan incorrectly handled replacing certificates in the cache. A remote attacker could use this issue to cause strongSwan to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
d642b815ed1027cedc528205f2749233Ubuntu Security Notice 5110-1 - It was discovered that Ardour incorrectly handled certain XML files. An attacker could possibly use this issue to cause a crash or execute arbitrary code.
fc33650c83dd63199cac1b58dc212ebfWordPress Duplicator plugin version 1.3.26 suffers from an unauthenticated arbitrary file read vulnerability.
18669dd16268ad8eff125d1a41041c75Ubuntu Security Notice 5078-3 - USN-5078-1 fixed a vulnerability in Squashfs-Tools. That update was incomplete and could still result in Squashfs-Tools mishandling certain malformed SQUASHFS files. This update fixes the problem. Richard Weinberger discovered that Squashfs-Tools mishandled certain malformed SQUASHFS files. An attacker could use this vulnerability to write arbitrary files to the filesystem. Various other issues were also addressed.
e89f5e24983a0f1abc5ff5bcdb35bb1aAlchemy CMS versions 2.x through 6.0.0 suffers from an arbitrary file upload vulnerability.
772227ba1ea679c5bb90f672fd31df27Moodle allows an authenticated user to define spellcheck settings via the web interface. The user can update the spellcheck mechanism to point to a system-installed aspell binary. By updating the path for the spellchecker to an arbitrary command, an attacker can run arbitrary commands in the context of the web application upon spellchecking requests. This Metasploit module also allows an attacker to leverage another privilege escalation vuln. Using the referenced XSS vuln, an unprivileged authenticated user can steal an admin sesskey and use this to escalate privileges to that of an admin, allowing the module to pop a shell as a previously unprivileged authenticated user. This module was tested against Moodle version 2.5.2 and 2.2.3.
92a400708d6b383cfe2f1bd0d3314d11Cypress Solutions CTM-200 wireless gateway version 2.7.1 suffers from an authenticated semi-blind OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands as the root user through the 'ctm-config-upgrade.sh' script leveraging the 'fw_url' POST parameter used in the cmd upgreadefw as argument, called by ctmsys() as pointer to execv() and make_wget_url() function to the wget command in /usr/bin/cmdmain ELF binary.
5443c1ca578d802c9f7cf55428781490Ubuntu Security Notice 5107-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof another origin, or execute arbitrary code.
dc7fa97881bdef965e8e559aba52c5c7Ubuntu Security Notice 5106-1 - Valentina Palmiotti discovered that the io_uring subsystem in the Linux kernel could be coerced to free adjacent memory. A local attacker could use this to execute arbitrary code. It was discovered that the Linux kernel did not properly enforce certain types of entries in the Secure Boot Forbidden Signature Database protection mechanism. An attacker could use this to bypass UEFI Secure Boot restrictions. Various other issues were also addressed.
44f1cb6d4e6bc787eb2a64281fc880a2Microsoft Office OneNote 2007 proof of concept exploit for a OnePKG file parsing remote code execution vulnerability. Upon decompressing files from .ONEPKG archives (using MS CAB format), a failure to sanitize file paths and file contents allows for arbitrary file planting in arbitrary locations on the OS, including the startup folder.
66b82cd487db6f570ee8d45f756cf2caAtlassian Confluence Server version 7.5.1 suffers from a pre-authorization arbitrary file read vulnerability.
4fa62bc6e28d287ea19c91e18c9cea00Ubuntu Security Notice 5097-1 - It was discovered that LedgerSMB incorrectly handled certain inputs. An attacker could use this to leak sensitive information, cause a DoS, or execute arbitrary code.
0c091984a5d24aca2db359681d24e6d9Ubuntu Security Notice 5102-1 - It was discovered that Mercurial mishandled symlinks in subrepositories. An attacker could use this issue to write arbitrary files to the target’s filesystem. It was discovered that Mercurial incorrectly handled certain manifest files. An attacker could use this issue to cause a denial of service and possibly execute arbitrary code.
95c2af071812f1816e02b53b258236adUbuntu Security Notice 5099-1 - It was discovered that Imlib2 incorrectly handled certain ICO images. An attacker could use this issue to cause a denial of service and possibly execute arbitrary code.
c0c9acf37835b163ceba83390d84fff0College Management System version 1.0 suffers from an arbitrary file upload vulnerability.
ae23bba60e3ab6a866b38a74d2226d16sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.
675f4c751850d0e0e066bdb6d38b8ebdUbuntu Security Notice 5094-2 - It was discovered that the KVM hypervisor implementation in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. An attacker who could start and control a VM could possibly use this to expose sensitive information or execute arbitrary code. It was discovered that the tracing subsystem in the Linux kernel did not properly keep track of per-cpu ring buffer state. A privileged attacker could use this to cause a denial of service. Various other issues were also addressed.
20d2f8abce2c9c83ace3ae5b3be0ddf9Ubuntu Security Notice 5096-1 - Valentina Palmiotti discovered that the io_uring subsystem in the Linux kernel could be coerced to free adjacent memory. A local attacker could use this to execute arbitrary code. Benedict Schlueter discovered that the BPF subsystem in the Linux kernel did not properly protect against Speculative Store Bypass side- channel attacks in some situations. A local attacker could possibly use this to expose sensitive information. Various other issues were also addressed.
d6f5c60f6c727f6d6b7b74743170676cUbuntu Security Notice 5092-2 - Valentina Palmiotti discovered that the io_uring subsystem in the Linux kernel could be coerced to free adjacent memory. A local attacker could use this to execute arbitrary code. Ofek Kirzner, Adam Morrison, Benedict Schlueter, and Piotr Krysiuk discovered that the BPF verifier in the Linux kernel missed possible mispredicted branches due to type confusion, allowing a side-channel attack. An attacker could use this to expose sensitive information. Various other issues were also addressed.
aeee33eaab84532e9f4d7e57892c0bc1Ubuntu Security Notice 5094-1 - It was discovered that the KVM hypervisor implementation in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. An attacker who could start and control a VM could possibly use this to expose sensitive information or execute arbitrary code. It was discovered that the tracing subsystem in the Linux kernel did not properly keep track of per-cpu ring buffer state. A privileged attacker could use this to cause a denial of service. Various other issues were also addressed.
279180ec22dccd9a21dcad0096c3b3b8Ubuntu Security Notice 5090-4 - USN-5090-1 fixed vulnerabilities in Apache HTTP Server. One of the upstream fixes introduced a regression in UDS URIs. This update fixes the problem. James Kettle discovered that the Apache HTTP Server HTTP/2 module incorrectly handled certain crafted methods. A remote attacker could possibly use this issue to perform request splitting or cache poisoning attacks. It was discovered that the Apache HTTP Server incorrectly handled certain malformed requests. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. Li Zhi Xin discovered that the Apache mod_proxy_uwsgi module incorrectly handled certain request uri-paths. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 21.04. It was discovered that the Apache HTTP Server incorrectly handled escaping quotes. If the server was configured with third-party modules, a remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that the Apache mod_proxy module incorrectly handled certain request uri-paths. A remote attacker could possibly use this issue to cause the server to forward requests to arbitrary origin servers. Various other issues were also addressed.
90831576b5e159be92f9a4a7af321eefUbuntu Security Notice 5090-3 - USN-5090-1 fixed vulnerabilities in Apache HTTP Server. One of the upstream fixes introduced a regression in UDS URIs. This update fixes the problem.
5608f104eebba750eb15f048c91ed22dUbuntu Security Notice 5093-1 - Brian Carpenter discovered that vim incorrectly handled memory when opening certain files. If a user was tricked into opening a specially crafted file, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. This issue only affected Ubuntu 20.04 LTS and Ubuntu 21.04. Brian Carpenter discovered that vim incorrectly handled memory when opening certain files. If a user was tricked into opening a specially crafted file, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. Various other issues were also addressed.
d62db22a529fb4b0551f5eaa73d5af5c
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed